Skip to content

nodeSolidServer/oidc-rs

main
Switch branches/tags

Name already in use

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?
2 branches 22 tags
Code

Latest commit

 

Git stats

Files

Permalink
Failed to load latest commit information.
Type
Name
Latest commit message
Commit time
src
 
 
test
 
 
.gitignore
 
 
.travis.yml
 
 
CHANGELOG.md
 
 
LICENSE.md
 
 
README.md
 
 
package-lock.json
 
 
package.json
 
 
OpenID Connect Resource Server Authentication Features Usage Install Require ResourceServer Global server authentication Route specific configuration Middleware Options Running tests Nodejs MIT License

README.md

OpenID Connect Resource Server Authentication

OpenID Connect Resource Server Authentication for Node.js

Features

  • OAuth 2.0 Bearer Token Usage (RFC 6750)
  • JWT Access Token Validation (Specification pending)
  • Issuer discovery (OpenID Connect Discovery)
  • Dynamic key rotation (OpenID Connect Core)
  • Multiple issuer support
  • Scope validation
  • Allow and deny access by "iss", "aud", and "sub" claims

Usage

Install

$ npm install @solid/oidc-rs

Require

const ResourceServer = require('@solid/oidc-rs')

ResourceServer

ResourceServer maintains a cache of provider metadata and JSON Web Keys for verifying signatures. Provider discovery and acquisition of keys takes place when a JWT access token is decoded. The provider metadata and JWK Set are cached in memory. Therefore no configuration is required.

const rs = new ResourceServer()

The provider cache can be serialized and persisted, then restored like so:

const providers = require('./providers.json')
ResourceServer.from({providers}).then(rs => /* ... */)

Global server authentication

const app = express()
app.use(rs.authenticate(options))

Route specific configuration

app.get('/endpoint', rs.authenticate(options), (req, res, next) => {})

Middleware Options

No configuration is required in order to start using this middleware. All options are optional.

rs.authenticate({
  realm: 'user',
  scopes: ['foo', 'bar'],
  allow: {
    issuers: ['https://forge.anvil.io'],
    audience: ['clientid1', 'clientid2'],
    subjects: ['userid1', 'userid2', 'useridn']
  },
  deny: { // probably want to use either allow or deny, but not both
    issuers: ['https://forge.anvil.io'],
    audience: ['clientid1', 'clientid2'],
    subjects: ['userid1', 'userid2', 'useridn']
  },
  handleErrors: false, // defaults to true
  tokenProperty: 'token',
  claimsProperty: 'claims'
})
  • realm – Value of "realm" parameter to use in WWW-Authenticate challenge header.
  • scopes – Array of scope values required to access this resource.
  • allow – Object with arrays of allowed issuers, audience and subjects.
  • deny – Object with arrays of restricted issuers, audience and subjects.
  • handleErrors – When set to false, error conditions will result in a call to next(), passing control to the application's error handling.
  • tokenProperty – Name of property on req to assign decoded JWT object. The property will not be set unless defined.
  • claimsProperty – name of property on req to assign verified JWT claims. Defaults to "claims".

Running tests

Nodejs

$ npm test

MIT License

The MIT License

Copyright (c) 2016 Anvil Research, Inc. Copyright (c) 2017-2019 The Solid Project

About

OpenID Connect Resource Server Authentication for Node.js

Topics

running-code

Resources

Readme

License

MIT license

Stars

4 stars

Watchers

10 watching

Forks

1 fork
Report repository

Releases 2

v0.3.3 Latest
Sep 18, 2018
+ 1 release

Packages

No packages published

Contributors 9

Languages